This week kicks off with news that the UN GGE on Cybersecurity has produced a consensus document after their most recent meetings at the UN HQ in New York. In what’s a nice win for cyber stability the document is said to include support for 11 norms or ‘rules of the road’. A previously proposed norm not included in the agreement included that nation states shouldn’t attack foreign private industry for domestic financial gain, with the decision made that such a norm would be better introduced via more economically-orientated forums. The decision on the applicability of international law to cyberspace, reached in the 2013 UNGGE report, was also re-affirmed. According to the State Department’s Michele Markoff, the nations agreed that the UN Charter ‘applies in its entirety, affirming the applicability of the inherent right to self-defence…, and noting the applicability of the law of armed conflict’s fundamental principles of humanity, necessity, proportionality, and distinction.’

The New York Times has produced a nice summary of what you need to know about China’s new cybersecurity law. The new document is significant as it lays out who holds the cyber power within the Chinese government. Unsurprisingly the document shows that Lu Wei and the Cyberspace Administration have a controlling power over cyber policy with responsibility for ‘planning and coordinating network security efforts and related supervision and management efforts.’ Many of the provisions in the document aren’t new, but collect various existing rules and legislation in a single national-level document.

The French government has reportedly joined the ranks of countries known to have tapped the SEA-ME-WE-3 submarine cable. The cable, which carries internet and telecommunications traffic from Europe to Australia, has been a target of Western signals intelligence agencies, with GCHQ said to be leading efforts amongst the Five-Eyes nations.

Over the ditch the NZ government has introduced the Harmful Digital Communications Act, which criminalises certain types of cyber bullying. This covers ‘truthful as well as false information and intimate visual recordings’ that are shared without permission and that cause harm. Penalties include fines of $50,000 for individuals and $200,000 for businesses with potential jail time depending on the severity of the crime.

Arun Mohan Sukumar has a good article on the dynamics of international cyber policy and internet governance within the BRICS countries. He argues that while the countries in the BRICS grouping have varied approaches to internet governance, they have a unique role to play in ‘calling out deficiencies in the present system’.

The Japanese Ministry of Internal Affairs and Communications has created an advisory council to draft a new cyber security policy for local governments, in response to a growing number of attacks targeting sub-national government institutions. The multistakeholder body has already held its first meeting, which was attended by the Minister for Internal Affairs and Communications, Sanae Takaichi.

Last week the Japanese government continued its already extensive regional capacity building efforts by sending a group of officials to Vietnam. The delegation, composed of officials from NISC and the Japan International Cooperation Agency (JICA) will assess cybersecurity practices and identify problems in the Southeast Asian country’s cyber set-up with an eye to further efforts down the line.